Company info on the internet: Organization history, employees pii, leadership, technologies, security, partners/vendors/clients
- Hr is your friend: consider them the SME of the company’s social media
- Grey literature - Wikipedia
- Exifdata of leaderships pictures
- BeenVerified is great but costly
- How do osint tools , how do they parse data or just apis? APIs
- Create Google search alerts
- Purpose: for enumeration
- SSLMate on GitHub - SSLMate/certspotter
- DNSTwister tool
-
HackerTarget.com is online tools
- Part of it: Dnsdumper is great for enumeration via api
-
MXToolbox - mail loops, does anything go down or up?
- has api
-
url crazy - does typo squatting well
-
monster, Glassdoor, etc
-
Facebook, twitter, instagram, vin numbers on carmax, reddit
- Hashtags: #ciscosystems, #nicebadge, #workplace
-
Hunter.io for email addresses
- has api calls
-
haveibeenpwnd.com with domain monitoring
-
- sending emails not from internal domain
- Offensive SPF: How to Automate Anti-Phishing Reconnaissance Using Sender Policy Framework - Black Hills Information Security
- DMARC forensic report
-
Grayhatwarefare - allows you to search Amazon S3 Buckets
-
LinkedINT and Peasant
- point Peasant to cookie file
- Is there a tool recommended to amalgamate all OSINT information into easily viewable profiles/relation trees? Preferably FOSS. Spiderfoot!